1 Reply. Latest reply: Apr 19, 2012 8:14 PM by EJP

how do you control the kind of TLS alerts sent by JSSE?

910573 Newbie
I am working on an application which does certificate path validation that needs to plug into the JSSE framework. So, I have implemented my own X509TrustManager which implements the 'checkClientTrusted' and 'checkServerTrusted' methods such that when the application's certificate path validation fails, it throws a CertificateException as desired by the method signature. Also, CertificateException has four subclasses: CertificateEncodingException, CertificateExpiredException, CertificateNotYetValidException and CertificateParsingException. The subclass of CertificateException that you throw on certificate path validation failure makes JSSE send a relevant TLS alert to the SSL negotiating peer. HOWEVER, the subclasses of CertificateException don't include anything to send many important TLS alerts like certificate_revoked, unsupported_certificate and many more. How can you make JSSE send these alerts in this case?
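
An added example, not part of the original post: a trust manager of the kind described above, which runs PKIX path validation and throws the matching CertificateException subclass, keeping the validator's exception as the cause for failures that have no subclass. The class name and constructor parameters are hypothetical, and which TLS alert JSSE derives from each exception depends on the JSSE provider and is not asserted here.

```java
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.Arrays;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class): reports PKIX path validation failures
// through the CertificateException hierarchy that X509TrustManager allows.
public final class PathValidatingTrustManager implements X509TrustManager {
    private final Set<TrustAnchor> anchors;  // assumption: supplied by the application
    private final boolean checkRevocation;   // assumption: CRL/OCSP sources configured elsewhere

    public PathValidatingTrustManager(Set<TrustAnchor> anchors, boolean checkRevocation) {
        this.anchors = anchors;
        this.checkRevocation = checkRevocation;
    }
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { validate(chain); }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { validate(chain); }
    @Override public X509Certificate[] getAcceptedIssuers() {
        return anchors.stream().map(TrustAnchor::getTrustedCert)
                      .filter(c -> c != null).toArray(X509Certificate[]::new);
    }

    // Assumes the peer chain is leaf-first and does not include the trust anchor itself.
    private void validate(X509Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0)
            throw new IllegalArgumentException("empty certificate chain");
        try {
            CertPath path = CertificateFactory.getInstance("X.509")
                                              .generateCertPath(Arrays.asList(chain));
            PKIXParameters params = new PKIXParameters(anchors);
            params.setRevocationEnabled(checkRevocation);
            CertPathValidator.getInstance("PKIX").validate(path, params);
        } catch (CertPathValidatorException e) {
            CertPathValidatorException.Reason reason = e.getReason();
            if (reason == CertPathValidatorException.BasicReason.EXPIRED)
                throw (CertificateException) new CertificateExpiredException(e.getMessage()).initCause(e);
            if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID)
                throw (CertificateException) new CertificateNotYetValidException(e.getMessage()).initCause(e);
            // No dedicated subclass (e.g. BasicReason.REVOKED): keep the validator's
            // exception as the cause so the reason survives for callers and logs.
            throw new CertificateException("path validation failed: " + reason, e);
        } catch (GeneralSecurityException e) {
            throw new CertificateException("path validation could not run", e);
        }
    }
}
```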
